RE: Secure Windows 2000 pro/server

From: Brad Judy (judy@colorado.edu)
Date: 10/29/01 

From: "Brad Judy" <judy@colorado.edu>
To: "John Minnella" <JohnM@environics.ca>, <focus-ms@securityfocus.com>
Subject: RE: Secure Windows 2000 pro/server
Date: Mon, 29 Oct 2001 10:11:32 -0700
Message-ID: <DJEGKFFMGLMAKALIEECAGEJCCIAA.judy@colorado.edu>

There are a number of good write-ups. Some of them are directed toward
Server, but most aspects of hardening are common between the two. Here are
a few of the ones I have used:

"Windows 2000 Baseline Security Checklist" by Microsoft - there are also
Server and IIS versions of this document available.
http://www.microsoft.com/technet/security/tools/w2kprocl.asp

"Hardening Windows 2000" by Phil Cox - From the book "Windows 2000 Security
Handbook" Phil Cox et al.
http://www.systemexperts.com/tutors/HardenW2K101.pdf

Windows 2000 Security Recommendations Guides by the National Security
Agency - directed toward federal agencies, but much is applicable to other
organizations. Read the "Guide to Securing Microsoft Windows 2000 File and
Disk Resources"
http://nsa2.www.conxion.com/win2k/download.htm

I like this guide from Yale as well - very similar to the one I am writing
for our campus.
http://www.yale.edu/its/security/Procedures/Securing/NT/w2k/

A couple of other decent ones:

Labmice.net
http://www.labmice.net/articles/securingwin2000.htm

ArsTechnica
http://arstechnica.com/tweak/win2k/security/begin-1.html

Most of these pages overlap greatly and some of them contradict each other,
but there are differences in opinion in all fields. There are many other
resources for Windows 2000 security. Out of the several W2K security book I
have worked with, I like "Windows 2000 Security Handbook" by Phil Cox et al,
and "Securing Windows NT/2000 Servers for the Internet" by Stefan Norberg.
There is also a Windows 2000 reading room at SANS
(http://www.sans.org/infosecFAQ/win2000/win2000_list.htm) with many good
articles about various aspects of security in Windows 2000.

I hope this helps and was not too much information.

Brad Judy
Information Technology Services
University of Colorado at Boulder

> -----Original Message-----
> From: John Minnella [mailto:JohnM@environics.ca]
> Sent: Monday, October 29, 2001 7:50 AM
> To: focus-ms@securityfocus.com
> Subject: Secure Windows 2000 pro/server
>
>
> Hi,
> are there any good write ups on how to secure/harden Windows 2000 Pro?
>

Relevant Pages

  • SecurityFocus Microsoft Newsletter #164
    ... Got Storage Security Risks? ... MICROSOFT VULNERABILITY SUMMARY ... Chat Client FTP Server Default Username Credential Weak... ... NetServe Web Server is a compact web server for Microsoft Windows ...
    (Focus-Microsoft)
  • Re: im being held in memory
    ... How can I harden my computer or server to secure it from hackers? ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ... Install all service packs and security fixes from Microsoft and otherwise ...
    (microsoft.public.security)
  • MS and security: good effort but no cigar
    ... build upon the progress it's already made in security. ... The low-hanging fruit of millions of insecure Windows machines ... Then there's the issue of poorly secured server applications. ... and execute external virus and filtering ...
    (microsoft.public.windowsxp.general)
  • SecurityFocus Microsoft Newsletter #167
    ... MICROSOFT VULNERABILITY SUMMARY ... Multiple Vendor XML Parser SOAP Server Denial Of Service Vul... ... Proactive Windows Security Explorer ...
    (Focus-Microsoft)
  • Re: Group Policy broke my DCs
    ... to be very careful with tweaking services on domain controllers. ... Group Policy - security policy at the OU level which makes it much easier to ... complied from the Windows 2003 Server Security guide for baseline core ... Server - automatic ...
    (microsoft.public.windows.group_policy)